Detections
Analytics
Komodia SSL Digestor SDK MitM (Detected via DNS Query)
medium Nessus Network Monitor Plugin ID 8929
Synopsis
The remote host is affected by a man-in-the-middle vulnerability.Description
The remote host has an application installed (such as Superfish) that uses the Komodia SSL Digestor SDK. This SDK is used to perform MitM attacks on all HTTPS connections. This is accomplished by installing a root CA certificate associated with the SDK into the Windows trusted system certificate store. The private keys for many of these root CAs are publicly known. Furthermore, this SDK is insecurely implemented and will report websites that use specially crafted self-signed certificates as trusted to the user.A MitM attacker can exploit this vulnerability by reading and/or modifying communications encrypted via HTTPS without the user's knowledge.
Solution
If Superfish is installed, uninstall the application and related root CA certificate using the instructions provided by Lenovo.\n\nOtherwise, contact the vendor for information on how to uninstall the application and bundled root CA certificate.See Also
https://www.us-cert.gov/ncas/alerts/TA15-051A
http://www.kb.cert.org/vuls/id/529496
https://blog.filippo.io/komodia-superfish-ssl-validation-is-broken
Plugin Details
Severity: Medium
ID: 8929
Family: Policy
Published: 3/1/2015
Updated: 3/6/2019
Nessus ID: 81425
Risk Information
VPR
Risk Factor: Medium
Score: 4.5
CVSS v2
Risk Factor: Medium
Base Score: 6.4
Temporal Score: 6.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Temporal Vector: CVSS:3.0/E:X/RL:U/RC:X
Vulnerability Information
CPE: cpe:/a:komodia:digestor
Patch Publication Date: 2/20/2015
Vulnerability Publication Date: 9/21/2014
Reference Information
CVE: CVE-2015-2077, CVE-2015-2078
BID: 72693